CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38745 – Apache OpenOffice: Empty entry in Java class path
https://notcve.org/view.php?id=CVE-2022-38745
When an empty Java class path entry is configured, LibreOffice will search for Java classes in the current working directory, allowing malicious Java classes to load when opening a document using the file manager, resulting in arbitrary code execution. • https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0 https://www.openoffice.org/security/cves/CVE-2022-38745.html https://access.redhat.com/security/cve/CVE-2022-38745 https://bugzilla.redhat.com/show_bug.cgi?id=2182044 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21020
https://notcve.org/view.php?id=CVE-2023-21020
In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 96%CPEs: 22EXPL: 3CVE-2023-26360 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. • https://github.com/yosef0x01/CVE-2023-26360 https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360/rapid7-analysis • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30037
https://notcve.org/view.php?id=CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. • https://weltolk.github.io/p/xunruicms-v4.3.3-to-v4.5.1-backstage-code-injection-vulnerabilityfile-write-and-file-inclusion • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 71%CPEs: 22EXPL: 0CVE-2023-26359 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html • CWE-502: Deserialization of Untrusted Data •